CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV

Blog

Byadmblake November 30, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a security flaw impacting OpenPLC ScadaBR, citing evidence of active exploitation. The vulnerability in question is CVE-2021-26829 (CVSS score: 5.4), a cross-site scripting (XSS) flaw that affects Windows and Linux versions of the software via

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a security flaw impacting OpenPLC ScadaBR, citing evidence of active exploitation.
The vulnerability in question is CVE-2021-26829 (CVSS score: 5.4), a cross-site scripting (XSS) flaw that affects Windows and Linux versions of the software via

Blog

Outbreak Alert- Annual Report 2024

Post Content

Read More Outbreak Alert- Annual Report 2024
Blog

Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets

A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America. The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the ability to create new contacts in the…

Read More Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets
Blog

Threat Intelligence Executive Report – Volume 2025, Number 4

This issue of the Counter Threat Unit’s high-level bimonthly report discusses noteworthy updates in the threat landscape during May and June

Read More Threat Intelligence Executive Report – Volume 2025, Number 4
Blog

Traditional Data Loss Prevention Solutions Are Not Working for Most Organizations

Post Content

Read More Traditional Data Loss Prevention Solutions Are Not Working for Most Organizations
Blog

Russia’s Secret Blizzard APT Gains Embassy Access via ISPs

An ongoing AitM campaign by the infamous Moscow-sponsored cyber threat actor has widened its scope, dropping the dangerous ApolloShadow custom backdoor malware thanks to lawful intercept systems.

Read More Russia’s Secret Blizzard APT Gains Embassy Access via ISPs
Blog

‘Crafty Camel’ APT Targets Aviation, OT With Polygot Files

The Iran-linked nation-state group made its debut with a stealthy, sophisticated, and laser-focused cyber-espionage attack on targets in UAE.

Read More ‘Crafty Camel’ APT Targets Aviation, OT With Polygot Files

Related